BC4006 Cloud Security Syllabus:

BC4006 Cloud Security Syllabus – Anna University PG Syllabus Regulation 2021

COURSE OBJECTIVES:

To introduce Cloud Computing terminology, definitions and concepts
To understand the security design and architectural considerations for Cloud
To understand identity and access control in Cloud
To follow best practices for Cloud security using various design patterns
To be able to monitor and audit cloud applications for security

UNIT I FUNDAMENTALS OF CLOUD COMPUTING

Understand what is Cloud computing, Architectural and Technological Influences of Cloud Computing, Understand the Cloud deployment models, Public, Private, Community and Hybrid models, Scope of Control, Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS), Cloud Computing Roles, Risks and Security Concerns

UNIT II SECURITY DESIGN AND ARCHITECTURE FOR CLOUD

Guiding Security design principles for Cloud Computing, Comprehensive data protection, End-to-end access control, CSA, NIST and ENISA guidelines for Cloud Security, Common attack vectors and threats, Compute, Network and Storage, Secure Isolation Strategies, Multitenancy, Virtualization strategies, Inter-tenant network segmentation strategies, Storage isolation strategies, Data Protection strategies, Data retention, deletion and archiving procedures for tenant data, Encryption, Data Redaction, Tokenization, Obfuscation, PKI and Key

UNIT III ACCESS CONTROL AND IDENTITY MANAGEMENT

Understand the access control requirements for Cloud infrastructure, Enforcing Access Control Strategies, Authentication and Authorization, Roles-based Access Control, Multi-factor authentication, Host, storage and network access control options, OS Hardening and minimization, securing remote access, Verified and measured boot, Firewalls, Intruder Detection, Intruder prevention and honeypots, User Identification, Authentication, and Authorization in Cloud Infrastructure, Identity & Access Management, Single Sign-on, Identity Federation, Identity providers and service consumers, The role of Identity provisioning

UNIT IV CLOUD SECURITY DESIGN PATTERNS

Introduction to Design Patterns, Platform-to-Virtualization & Virtualization-to-Cloud, Cloud bursting, Geo-tagging, Cloud VM Platform Encryption, Secure Cloud Interfaces, Cloud Resource Access Control, Secure On-Premise Internet Access, Secure External Cloud Connection, Cloud Denial-of-Service Protection, Cloud Traffic Hijacking Protection, Cloud Authentication Gateway, Federated Cloud Authentication, Cloud Key Management

UNIT V MONITORING, AUDITING AND MANAGEMENT

Proactive activity monitoring, Incident Response, Monitoring for unauthorized access, malicious traffic, abuse of system privileges, intrusion detection, events and alerts, Auditing – Record generation, Reporting and Management, Tamper-proofing audit logs, Quality of Services, Secure Management, User management, Identity management, Security Information and Event Management

COURSE OUTCOMES:

CO1: Understand the cloud concepts and fundamentals.
CO2: Explain the security challenges in cloud.
CO3: Define cloud policy and Identity and Access Management.
CO4: Understand various risks, and audit and monitoring mechanisms in cloud.
CO5: Define the various architectural and design considerations for security in cloud.

TOTAL PERIODS: 45

REFERENCES

1. Rajkumar Buyya, James Broberg, Andrzej Goscinski, "Cloud Computing:", Wiley, 2013.
2. Dave Shackleford, "Virtualization Security", Sybex, a Wiley Brand, 2013.
3. Mather, Kumaraswamy and Latif, "Cloud Security and Privacy", O'Reilly, 2011.
4. Mark C. Chu-Carroll, "Code in the Cloud", CRC Press, 2011.
5. Rajkumar Buyya, Christian Vecchiola, S. Thamarai Selvi, "Mastering Cloud Computing Foundations and Applications Programming".